This August has seen some high-profile cyberattacks whether it was the one on the Centre Hospitalier Sud Francilien (CHSF) in Corbeil-Essonnes or the 120 French hospitals in the Ramsay group. However, the vast majority of these attacks are not reported by the companies that suffer them, as revealed by Barracuda, a provider of security solutions for the cloud, which estimates these attacks at more than 1.2 million each month … It released a new research report on Aug. 24 that analyzes the patterns of ransomware attacks that occurred between August 2021 and July 2022.

Cybercriminals use malware, often in the form of an attachment or link, to infect the network and lock down emails, data and other critical files until a ransom is paid. These scalable and sophisticated attacks are damaging and costly, and can cripple day-to-day business operations and result in large financial losses.

In 2021, Barracuda noted a trend toward double extortion, where attackers steal sensitive data from their victims and demand payment in exchange for a promise not to publish or sell the data to other criminals. In addition to that, in this year’s research, the company found that attackers are now demanding late fees or a penalty if ransom payments are not made promptly.

Most ransomware attacks don’t make headlines. Many companies prefer not to disclose that they have been targeted, the attacks are often extremely difficult for small businesses to handle.

Fleming Shi, CTO of Barracuda, states:

“As ransomware and other cyber threats continue to evolve, the need for proper security solutions has never been greater. Many cybercriminals are targeting small businesses in an effort to gain access to larger entities. It is therefore critical that security vendors create products that are easy to use and implement, regardless of the size of the business. In addition, sophisticated security technologies must be available as a service so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can contribute to better defense against ransomware and other cyberattacks.”

Analysis of 106 high-profile attacks

Barracuda researchers analyzed 106 high-profile ransomware attacks between August 2021 and July 2022 and found an increase in attacks in the most targeted sectors. These sectors include education (15 percent), municipalities (12 percent), healthcare (12 percent), infrastructure (8 percent) and finance (6 percent). At the same time, attacks against other industries more than doubled from last year.

While attacks against municipalities increased only slightly, the analysis showed that ransomware attacks against educational institutions more than doubled and attacks against healthcare and finance verticals tripled.

For Fleming Shi, the fact that infrastructure-related attacks quadrupled indicates the intent of cybercriminals to inflict greater damage beyond the impact on the immediate victim and makes him realize how vulnerable we all are to potential nation-state-sponsored cyberattacks, as they are the most likely threat actors to attack infrastructure targets.

Service providers were hit the hardest (14 percent). According to Fleming Shi, whether they provide IT or other business services, these types of organizations are attractive targets for ransomware gangs because of the nature of the access they have to their customers’ systems. Access to victims multiplies if attackers succeed in their territory and expand their strategy.

Ransomware attacks on automotive, hotel, media, retail, software and technology organizations have also increased.

The data did not include any ransomware attacks on cybersecurity companies between August 2021 and July 2022, as the attack on Cisco by the Yanluowang ransomware group was not revealed until mid-August.

Lessons to be learned from this report

Over the past year, more ransomware payments have been recovered by law enforcement agencies, so the U.S. Department of Justice seized about half a million dollars in ransomware payments made to North Korean cybercriminals targeting healthcare organizations. On the other hand, the U.S. and EU are promoting cooperation against ransomware attacks

Yet cyberattackers continue to exploit the ransomware industry with prolonged extortion attempts. Fleming Shi says he is surprised to still see many successful attacks against VPN systems without stronger authentication systems in place. The rapid shift to remote working during the COVID-19 pandemic revealed that this was an area of weakness for many organizations, so it makes sense to him that cybercriminals would continue to try to exploit these vulnerabilities. While companies have had plenty of time to improve their authentication, many have not.

Still, this analysis found that fewer victims paid the ransom and more companies were able to stand firm with better defenses, especially in attacks against critical infrastructure.

Collaboration with the FBI and other law enforcement agencies is also having an impact. For Fleming Shi, attacks on critical infrastructure have been a wake-up call for authorities to take action, and agreements between individual nation-states and government leaders have created a collaborative environment to crack down on these crimes.

Analysis on 3 attacks that Barracuda’s SOC helped solve revealed several similarities:

• These attacks were not a one-day or one-week event but were carried out over several months;
• The VPN is constantly targeted because it leads to infrastructure and assets;
• Credentials are either stolen through phishing attacks or purchased on the dark web.
• Email credential links with Microsoft 365 are designed for convenience, but they also mean that single sign-on leads to many potential routes into the infrastructure

Translated from Cybersécurité : plus de 1,2 million de ransomwares ont lieu chaque mois selon Barracuda